Published: 08/04/2009 Updated: 07/11/2023

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

The CCITTFax decoding filter in Ghostscript 8.60, 8.61, and possibly other versions, allows remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file that triggers a buffer underflow in the cf_decode_2d function.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ghostscript ghostscript 8.61

Debian Bug report logs - #524803 ghostscript: multiple vulnerabilities Package: ghostscript; Maintainer for ghostscript is Debian Printing Team <debian-printing@listsdebianorg>; Source for ghostscript is src:ghostscript (PTS, buildd, popcon) Reported by: "Michael S Gilbert" <michaelsgilbert@gmailcom> Date: Mon, ...

It was discovered that Ghostscript contained a buffer underflow in its CCITTFax decoding filter If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program (CVE-2007-6725) ...

Synopsis Moderate: ghostscript security update Type/Severity Security Advisory: Moderate Topic Updated ghostscript packages that fix multiple security issues are nowavailable for Red Hat Enterprise Linux 5This update has been rated as having moderate security impact by the RedHat Security Response Team ...

Synopsis Moderate: ghostscript security update Type/Severity Security Advisory: Moderate Topic Updated ghostscript packages that fix multiple security issues are nowavailable for Red Hat Enterprise Linux 3 and 4This update has been rated as having moderate security impact by the RedHat Security Response Te ...

Several security issues have been discovered in Ghostscript, a GPL PostScript/PDF interpreter, which might lead to the execution of arbitrary code if a user processes a malformed PDF or Postscript file For the stable distribution (lenny), these problems have been fixed in version 862dfsg1-32lenny4 For the unstable distribution (sid), these pr ...

CWE-119 http://www.openwall.com/lists/oss-security/2009/04/01/10 https://bugzilla.redhat.com/show_bug.cgi?id=229174 https://bugzilla.redhat.com/show_bug.cgi?id=493442 http://secunia.com/advisories/34726 http://www.redhat.com/support/errata/RHSA-2009-0420.html http://www.securityfocus.com/bid/34337 http://secunia.com/advisories/34732 http://www.redhat.com/support/errata/RHSA-2009-0421.html http://secunia.com/advisories/34729 http://wiki.rpath.com/Advisories:rPSA-2009-0060 http://www.mandriva.com/security/advisories?name=MDVSA-2009:096 http://www.mandriva.com/security/advisories?name=MDVSA-2009:095 http://support.avaya.com/elmodocs2/security/ASA-2009-155.htm http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html http://secunia.com/advisories/35416 http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1 http://www.vupen.com/english/advisories/2009/1708 http://secunia.com/advisories/35559 http://secunia.com/advisories/35569 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9507 https://usn.ubuntu.com/757-1/http://www.securityfocus.com/archive/1/502757/100/0/threaded http://www.mail-archive.com/fedora-package-announce%40redhat.com/msg11830.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524803 https://usn.ubuntu.com/757-1/https://nvd.nist.gov

CVE-2007-6725

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect